consultation paper - european securities and markets … december 2017 | esma33-128-108 consultation...
TRANSCRIPT
19 December 2017 | ESMA33-128-108
Consultation Paper Draft technical standards on third-party firms providing STS verification services under the Securitisation Regulation
ESMA • CS 60747 – 103 rue de Grenelle • 75345 Paris Cedex 07 • France • Tel. +33 (0) 1 58 36 43 21 • www.esma.europa.eu
2
19 December 2017
ESMA33-128-108
Responding to this paper
ESMA invites comments on all matters in this paper and in particular on the specific questions
summarised in Annex 1. Comments are most helpful if they:
respond to the question stated;
indicate the specific question to which the comment relates;
contain a clear rationale; and
describe any alternatives ESMA should consider.
ESMA will consider all comments received by 19 March 2018.
All contributions should be submitted online at www.esma.europa.eu under the heading ‘Your
input - Consultations’.
Publication of responses
All contributions received will be published following the close of the consultation, unless you
request otherwise. Please clearly and prominently indicate in your submission any part you do
not wish to be publically disclosed. A standard confidentiality statement in an email message
will not be treated as a request for non-disclosure. A confidential response may be requested
from us in accordance with ESMA’s rules on access to documents. We may consult you if we
receive such a request. Any decision we make not to disclose the response is reviewable by
ESMA’s Board of Appeal and the European Ombudsman.
Data protection
Information on data protection can be found at www.esma.europa.eu under the heading Legal
Notice.
Who should read this paper
This Consultation Paper may be of particular interest to third-party firms seeking to provide STS verification services, securitisation investors/potential investors, securitisation issuers, market infrastructures, as well as public entities involved in securitisations (market regulators, resolution authorities, supervisory authorities, and standard setters).
3
Table of Contents
1 Executive Summary ....................................................................................................... 5
2 Contents ......................................................................................................................... 7
2.1 Legal Mandate and Background .............................................................................. 7
2.2 General information ................................................................................................. 8
2.3 Information related to the applicant’s fee structure .................................................. 9
2.4 Information related to the independence of the third party ......................................10
2.5 Information related to the management body of the third party ...............................11
2.6 Information related to conflicts of interest ...............................................................13
2.7 Information related to operational safeguards and internal processes that enable the
third-party firm to assess STS compliance ........................................................................14
3 Annexes ........................................................................................................................16
3.1 Annex I: Summary of questions ..............................................................................16
3.2 Annex II: Legislative mandate to develop technical standards ................................17
3.3 Annex III: Preliminary cost-benefit analysis ............................................................18
3.3.1 Introduction .....................................................................................................18
3.3.2 Scope of information to be submitted to the respective competent authorities .18
3.3.3 Assessment of the extent of outsourcing of the activities .................................20
3.4 Annex IV: Draft RTS on information to be provided in the application for the
authorisation of a third party verifying STS compliance .....................................................22
4
Acronyms and definitions used
ABCP Asset-Backed Commercial Paper
ABS Asset-backed security
CBA Cost-benefit analysis
EEA European Economic Area
ESMA European Securities and Markets Authority
ESMA Regulation
Regulation (EU) No 1095/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Securities and Markets Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/77/EC, as amended.
EU European Union
ITS Implementing Technical Standards
LEI Legal Entity Identifier
RTS Regulatory Technical Standards
Securitisation Regulation
Regulation 2017/XYZ of the European Parliament and of the Council laying down common rules on securitisation and creating a European framework for simple, transparent, and standardized securitisation and amending Directives 2009/65/EC, 2009/138/EC, 2011/61/EU, and Regulations (EC) No 1060/2009 and (EU) No 648/2012
SSPE Securitisation Special Purpose Entity
STS Simple, Transparent and Standardised
URL Uniform Resource Locator
5
1 Executive Summary
Reasons for publication
The Securitisation Regulation is expected to be published in the Official Journal of the
European Union very soon and will enter into force 20 days after its publication. The
Regulation requires the European Commission to adopt delegated acts in a number of
areas.
ESMA is mandated to draft Regulatory Technical Standards covering the contents of the
application to be submitted, to an appropriate competent authority set out in the Regulation,
by firms seeking to provide ‘Simple, Transparent, and Standardised’ (“STS”) verification
services to securitisation originators, sponsors, and/or securitisation special purpose entities
(“SSPEs”). ESMA is mandated to submit these draft standards to the Commission by 6
months from the date of entry into force of the Securitisation Regulation.
Contents
Section 2.1 discusses ESMA’s mandate and provides further background. Section 2.2
discusses general information that ESMA proposes be received as part of a third-party
service provider’s application, including details about the operations of the applicant, an
indicative list of member states in which they intend to provide STS verification services as
well as the scope of the third-party verification services it intends to provide, in terms of the
securitisation type and underlying asset class. Section 2.3 covers ESMA’s proposals for
information to be received on the applicant’s fee structure. The proposals have been drafted
to enable the competent authorities assessing the application to determine whether the third
party is able to comply with the requirement that it charge only non-discriminatory and cost-
based fees to the originators, sponsors or SSPEs without differentiating fees depending on,
or correlated to, the results of its assessment. Next, Section 2.4 sets out ESMA’s proposals
to enable the competent authorities to confirm that the applicant is neither a regulated
institution (i.e. credit institution, an insurance undertaking, or an investment firm) nor a credit
rating agency, and that the third party does not provide any form of advisory, audit or
equivalent services to the originator, sponsor or SSPE involved in the securitisation, which
the third party assesses.
Section 2.5 sets out information that, in ESMA’s view, is necessary to ensure that the
members of the applicant’s management body have professional qualifications, knowledge
and experience that are adequate for the applicant’s tasks. To this end, ESMA proposes
that the applicant must provide sufficient information on the composition of its management
body and on its members, including information enabling the competent authority to assess
whether the members of the management body are of good repute and integrity. Section 2.6
covers ESMA’s proposals to allow an assessment of the applicant’s actual and potential
conflicts of interest in providing third-party STS verification services, as well as how the
applicant records, manages, mitigates, prevents, discloses and remedies any identified
6
conflicts of interest. Lastly, Section 2.7 proposes elements that the applicant firm should
provide to demonstrate that it has proper operational safeguards and internal processes that
enable it to assess STS compliance. This includes the submission of all of the applicant’s
methodologies to be used for its STS verification services, as well as information on the
applicant’s employees (including experience and qualifications) and on the use of outside
experts.
Next Steps
ESMA will consider the feedback it received to this consultation in Q2 2018 and expects to
publish a final report and submission of the draft technical standards to the European
Commission for endorsement in July 2018.
7
2 Contents
1. Regulation 2017/XYZ of the European Parliament and of the Council laying down common
rules on securitisation and creating a European framework for simple, transparent, and
standardized securitisation and amending Directives 2009/65/EC, 2009/138/EC,
2011/61/EU, and Regulations (EC) No 1060/2009 and (EU) No 648/2012 (‘the
Securitisation Regulation’) is expected to be published in the Official Journal of the
European Union very soon.
2. As set out in the Securitisation Regulation, the European Securities and Markets Authority
is obliged to submit, within six and twelve months after the entry into force of the
Regulation, delegated acts to the European Commission (‘the Commission’) for adoption.
2.1 Legal Mandate and Background
3. According to Article 28(4) of the Securitisation Regulation, ESMA is mandated to develop
draft RTS covering the information to be provided by a third party firm seeking to register
with a competent authority, in order for that firm to be able to provide services relating to
verifying a securitisation’s compliance with STS criteria.
4. ESMA has therefore set out a proposed version of the RTS for the application for
authorisation of a third party for verification of the compliance of a securitisation with the
STS criteria (hereafter ‘third-party authorisation RTS’), where it describes the information
to be required from an applicant by a competent authority. The proposed RTS shall specify
what information is appropriate and sufficient in order for a competent authority to make a
decision as to whether the applicant fulfils the requirements under the Article 28(1) of the
Securitisation Regulation.
5. Recital 34 of the Securitisation Regulation acknowledges that “originators, sponsors and
SSPEs could use the services of a third party authorised in accordance with this Regulation
to assess whether their securitisation complies with the STS criteria”, conditional on the
third party being authorised to provide such services by a competent authority. Pursuant
to Article 27(2) of the Securitisation Regulation, the originator, sponsor, or SSPE is under
no obligation to use the service of a third party firm providing STS verification services.
6. Article 28(1) of the Securitisation Regulation contains the requirements to be fulfilled by
the applicant for the competent authority to grant the authorisation. These include criteria
related to:
(a) the fees charged to the originators, sponsors or SSPEs by the applicant;
(b) the independence of the applicant;
(c) the composition of the management body of the applicant;
(d) the prevention of conflicts of interest with regards to the verification of the STS
compliance by the applicant; and
(e) the proper operational safeguards and internal processes of the applicant that enables
it to assess STS compliance.
8
2.2 General information
7. In developing this proposed RTS, ESMA has taken into account the existing requirements
for authorisation of the Credit Rating Agencies1 and statutory auditors. ESMA, has applied
a proportional approach and considered the specific circumstances and role of the third
party applying for authorisation to be able to verify the compliance of the securitisation with
the STS criteria as specified in the Article 28 of the Securitisation Regulation.
8. When developing this RTS, ESMA considered three options to ensure that the competent
authorities obtaining through the authorisation process sufficient information to assess the
application to be registered as a third-party verifying a securitisation’s compliance with the
STS criteria. As further explained in the preliminary cost-benefit analysis, ESMA proposes
to use a flexible harmonisation approach based, with comprehensive information
requirements in the draft RTS, which while harmonising most of the requirements, retains
a certain level flexibility for the competent authorities to request additional information
necessary to assess the application.
9. ESMA considers it appropriate to require some general information from applicants. Such
general information includes details on the applicant that enable identification of the
applicant such as name and address, its legal form and contact details and historical
financial information (e.g. through financial statements, to the extent available). ESMA
proposes the use of LEI as the unique identifier of the applicant, in line with ISO standards
or, if the LEI is not available, a nationally-accepted identifier. In ESMA’s view, use of LEI is
preferable as it would allow unambiguous identification of the entity in all EU Member
States and facilitate communication among competent authorities, where needed.
Furthermore, LEI is the generally used standard in the recent financial legislative
requirements in the area of financial markets. Therefore, use of LEI will improve
unambiguous identification of the applicant, together with identification of other financial
services that might be provided by the applicant in other Member States.
10. ESMA recommends that the list of required information also covers details about the nature
and scope of operations of the applicant as well as of the group to which it belongs. Such
information need to provide details on the ownership of the applicant as well as its
organisational and governance structure. This information may prove useful for a
consideration of the appropriateness of an applicant’s arrangements in terms of the scope
of its activities, its independence and conflicts of interest.
11. In addition, ESMA deems it necessary that the applicant describes, in its application, the
scope of the third-party verification services it intends to provide, in terms of the
securitisation type (i.e. distinguishing between ABCP and/or non-ABCP transaction) and
for non ABCP securitisations underlying asset class(such as e.g. residential mortgages,
commercial mortgages, corporates, leasing, auto loans, consumer loans, credit card
receivables). ESMA considers necessary that the competent authorities possess sufficient
information on the extent of the STS verification services that the applicant intends to
provide, given the different articulation of the STS criteria for the ABCP transactions and
1 Commission Delegated Regulation (EU) No 449/2012 of 21 March 2012 supplementing Regulation (EC) No 1060/2009 of the European Parliament and of the Council with regard to regulatory technical standards on information for registration and certification of credit rating agencies
9
thus different expertise required.
12. Given the general freedom to provide services in the EU and the absence of indications to
the contrary in the Securitisation Regulation, ESMA is of the view that the applicant, once
authorised by the competent authority in the Member State in which the applicant is
established, is authorised to provide its services to originators, sponsors or SSPEs
established throughout the EU. To this end, ESMA proposes that applicants should also
provide an indicative list of Member States in which they intend to provide STS verification
services. Given the heterogeneity of securitisations across the EU and underlying asset
types, obtaining information on the scope of third-party verification services to be provided
and on the Member States in which these services are expected to be provided will be
useful as a benchmark for assessing the applicant’s competences in assessing compliance
with STS criteria. Furthermore, mapping of the expected applicant activities across the
single market might facilitate, if needed, exchange of information or cooperation among
the competent authorities.
Q 1: Do you agree with the proposed general information to be required from applicants to provide third-party STS verification services? Are there any other items that should be considered?
2.3 Information related to the applicant’s fee structure
13. Article 28(1)(a) of the Securitisation Regulation allows the third party to charge only non-
discriminatory and cost-based fees to the originators, sponsors or SSPEs without
differentiating fees depending on, or correlated to, the results of its assessment.
14. ESMA considers that in its application for authorisation, the third party should provide
sufficient information to enable the competent authority to assess whether the applicant’s
pricing policies allow only non-discriminatory cost-based fees to be charged. In order to
meet this objective, ESMA considers that the third party should provide in its application
sufficiently detailed pricing policies, fee structure and fee schedules for each securitisation
type and underlying asset class for which it wishes to offer verification services. ESMA is
of the view that such level of fee structure disaggregation is necessary given the variation
in complexity and effort required for verification whether the STS criteria are met for
different securitisation types and underlying asset classes. In ESMA’s view the pricing
policies and fee structures should be clear and unambiguous and should enable to assess
how the size and complexity of the underlying exposures impact the fee.
15. In addition, the application must provide a description of the pricing criteria and policies
and procedures that enable the competent authority to assess the link between the pricing
policy and the individual fee. Such information should enable the competent authority to
assess the non-discriminatory nature of the fees charged by the applicant.
16. ESMA is of the view that the requirement concerning non-discriminatory pricing requires
the applicant to provide the competent authorities with its policies and procedures for
ensuring that departing from the fee schedule is not arbitrary and does not allow, directly
or indirectly, differentiating fees depending on or correlated with the results of the STS
10
verification. In order for the competent authority to be able to evaluate this criterion
comprehensively, ESMA also suggests that the application package shall also include
sufficient information to evaluate the existence of an effective internal control system over
the pricing decisions. This includes information on existence of any operational safeguards
aiming to ensure that the fees are set in advance of the assessment and if paid upfront are
non-refundable. Furthermore, the application shall include information on existence of
operational safeguards aiming to ensure that the contractual agreements with the
originator, sponsor or SSPE to provide STS verification services do not include contractual
termination clause or lead to breach of contract on performance or in case of non-
confirmation of STS.
17. Finally, ESMA considers that the application should include policies and procedures
relating to changes in the fees charged and relating to retaining the history of the fee
schedules.
18. At the same time the application should provide information on the methods used to
account separately for the cost that the applicant may incur when providing STS verification
services. ESMA is of the view that the applicant must provide information that enables the
competent authority to assess the reliability and robustness of the costing system
supporting the fee calculation. That shall cover also situations where the verification activity
is covered by an outsourcing contract.
Q 2: Do you agree with the proposed information required from applicants on their
pricing policies? Are there any other items that should be considered to determine that
fees are non-discriminatory and cost-based, and not differentiated depending on the
results of the applicant’s STS assessment?
2.4 Information related to the independence of the third party
19. Articles 28(1)(b) and (c) of the Securitisation Regulation lay down the requirements for the
independence of the third party. In particular, the third party cannot be a regulated
institution (i.e. credit institution, an insurance undertaking, or an investment firm) nor a
credit rating agency. Furthermore, the third party shall not provide any form of advisory,
audit or equivalent services to the originator, sponsor or SSPE involved in the
securitisation, which the third party assesses.
20. ESMA considers that the starting point to assess the applicant’s compliance with these
requirements could be based on the general information provided by the applicant (such
as an extract of the business register) accompanied by the declaration of the management.
21. Furthermore, the applicant should submit written policies and procedures that ensure that
the engagement acceptance processes and related internal controls clearly prevent the
applicant from accepting to provide STS verification services if it provides any form of
advisory, audit, or equivalent services to the originator, sponsor or SSPE involved in the
securitisation. ESMA understands that the phrase “involved in the securitisation” (Article
21(1)(c)) intends to capture also entities that are affiliated to the originator, sponsor, or
11
SSPE (such as entities within the group as defined by the Accounting Directive2) and
provide services to the securitisation, such as back-up servicing arrangements, swaps,
guarantees, and custodial services. Furthermore, these same policies and procedures
should be time-consistent, insofar that they also ensure that the applicant should not
provide any form of advisory, audit, or equivalent services after accepting an engagement
to provide STS verification services.
22. The requirements of Article 28(1)(b) of the Securitisation Regulation are aimed to ensure
that the performance of the third party’s other activities shall not compromise the
independence or integrity of its assessment of the STS criteria. In the context of assessing
the applicant’s independence and the scope of its services, ESMA considers it necessary
that the applicant provides sufficient detail on its financial situation. In this context, ESMA
considers that the viability of the applicant and dependence of a single customer needs to
be taken into account when assessing possible threats to the applicant’s independence
and impartiality when seeking, charging, and providing STS verification services.
23. In order to be able to demonstrate how the applicant meets this criterion, ESMA considers
that the applicant should provide all the information relevant for assessing its
independence, notably:
(a) An identification and quantification of the applicant’s other activities. This should
include a detailed description of the other activities accompanied by a breakdown of
revenues by type of activity undertaken by the applicant, as well as the financial
statements of the applicant;
(b) A description of the applicant’s processes and procedures to identify, manage and
mitigate activities that raise a potential threat to the independence and integrity of the
applicant’s STS verification assessment; in this regard, information should be provided
on the applicant’s internal processes and procedures relating to its organisation and
management of other activities besides STS verification services;
(c) A description of the extent of concentration of revenue streams received from a single
entity or from a group of related entities.
Q 3: Do you agree with the proposed information required to assess the independence
of a firm seeking authorisation to provide STS verification services? Are there other
items that should be considered for this assessment?
2.5 Information related to the management body of the third party
24. Article 28(1)(d) of the Securitisation Regulation requires the members of the management
body of the third party to have professional qualifications, knowledge and experience that
are adequate for the task of the third party. Members of the management body must also
2 Directive 2013/34/EU of the European Parliament and of the Council of 26 June 2013 on the annual financial statements, consolidated financial statements and related reports of certain types of undertakings, amending Directive 2006/43/EC of the European Parliament and of the Council and repealing Council Directives 78/660/EEC and 83/349/EEC
12
be of good repute and integrity. At the same time, Article 28(1)(e) of the Securitisation
Regulation requires that the management body of the third party includes at least one third
(but not less than two), independent directors.
25. While the Securitisation Regulation does not define the management body, ESMA notes
that this term is defined in the securities markets law. For example Article 4(1)(36) of the
MIFID II3 defines the management body as “the body or bodies […] which are appointed in
accordance with national law, which are empowered to set the entity’s strategy, objectives
and overall direction, and which oversee and monitor management decision-making and
include persons who effectively direct the business of the entity. While the MIFID definition
was made in the context of an investment firm, market operator or data reporting services
provider, ESMA believes that it is appropriate to use this definition also for the purposes of
the third party providing STS verification services.
26. ESMA considers that the applicant should provide sufficiently detailed information on the
composition of its management body and on its members. Receiving information on both
the identity, qualification and the professional background of members, as well as
information on any declaration of compliance with a corporate governance code, if
applicable, will be of assistance in this regard. This should provide sufficient information
for the competent authorities to assess whether the members of the management body are
adequately qualified, knowledgeable and experienced. While ESMA does not intend to
define the detailed criteria or time limit for professional experience in securitisations area,
ESMA notes that the length of the professional experience in the areas relevant to
envisaged activities of the applicant needs to be commensurate to the level of
responsibilities expected from the members of the management body.
27. With regards to the independent members of the management body, ESMA considers that
the application must contain sufficient information to enable the competent authority to
assess the de facto independence of such members, and to determine that their
appointment and presence in the management body does not raise any existing or potential
conflicts of interest. ESMA notes that while independence is not defined in the
Securitisation Regulation, other sectoral legislation defines independence of members of
the management bodies. This is the case e.g. for members of the management body of
the management company, members of the management body of the depositary in Article
24(2) of the Commission Delegated Regulation (EU) 2016/438 4 . According to this
definition, members of the management body […] shall deemed to be independent “as long
as they are neither members of the management body or the body in charge of the
supervisory functions nor employees of any of the other undertakings between which a
group link exists and are free of any business, family or other relationship with the
management company or the investment company, the depositary and any other
undertaking within the group that gives rise to a conflict of interest such as to impair their
judgment”.
28. While taking into account the variety of corporate structure of the applicants, ESMA
3 Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Directive 2002/92/EC and Directive 2011/61/EU
4 Commission Delegated Regulation (EU) 2016/438 of 17 December 2015 supplementing Directive 2009/65/EC of the European Parliament and of the Council with regard to obligations of depositaries
13
considers that the national authorities could also use the Commission Recommendation of
15 February 2005 on the role of non-executive or supervisory directors of listed companies
and on the committees of the (supervisory) board5, or the equivalent provisions in national
legislation or nationally applied corporate governance code, to assess whether members
of the management body could be considered as independent directors. While the
Commission Recommendation was developed in the context of listed companies ESMA
considers that, given the need for integrity and transparency of the STS verification
process, those requirements could be applied to the independent members of the
management body of the applicant. Consequently, ESMA proposes that comprehensive
details on independent members of the management body should be provided in the
application for authorisation.
29. Finally, ESMA highlights the need to provide all information permitting the competent
authority to assess whether the members of the management body are of good repute and
integrity. Comprehensive details of any pending judicial, administrative, arbitration or other
litigation proceedings irrespective of their type will be helpful in this regard.
Q 4: Do you agree with the proposed information required to assess the applicant’s
management body, as well as the independent directors? Are there other items that
should be considered for this assessment?
2.6 Information related to conflicts of interest
30. Article 28(1)(f) of the Securitisation Regulation requires the third party to take all necessary
steps to ensure that the verification of STS compliance is not affected by any existing or
potential conflicts of interest or business relationships. ESMA considers that applicant firms
must possess an effective internal control system for identification, prevention, mitigation
and disclosure of existing or potential conflicts of interest on a timely basis.
31. ESMA believes that information on conflicts of interest is particularly important. In this
respect it is essential that the applicant demonstrates to the competent authority how
existing or potential conflicts of interest are identified, recorded, managed, mitigated,
prevented, disclosed and remedied. In this regard, applicants should provide information
on:
(a) the policies, procedures, and controls covering existing and potential conflicts of
interest; including arrangements that aim to ensure that the staff have been made
aware of these policies and procedures. and
(b) an inventory, established at the date of the application, of existing conflicts of interest,
involving third parties, shareholders, owners or members of the applicant, members of
the management body, managers, employees of the applicant or any other natural
person whose services are at the disposal or under the control of the applicant.
32. Moreover, ESMA believes that the information provided by the applicant should
5 OJ L 52, 25.2.2005, p. 51–63
14
demonstrate to the competent authority that its engagement acceptance processes and
related internal governance allow potential conflicts of interest of the management body’s
members to be effectively managed.
33. In this context, ESMA considers that the application should include sufficient information
on the policies and procedures that ensure independence of its assessment of the STS
criteria. These policies should include, inter alia, procedures to manage possible conflicts
of interest when either the third party provides advisory, audit or equivalent services to any
member of the group to which one of the parties to the securitisation transaction belongs
(without providing these services directly to a party to the securitisation transaction) or a
related party member of the network (such as the audit network defined in Article 2 of the
Audit Directive6) or other wider structure to which the third party belongs provides advisory,
audit or equivalent services to a party to the securitisation transaction.
34. Finally, ESMA considers that when the applicant intends or plans to use independent
experts to outsource any material part of its activities, the application should contain
policies and procedures enabling the applicant to assess whether any intended or planned
outsourcing of the applicant’s activities does not pose a threat to the independence of its
assessment of the STS criteria or creates a potential conflict of interests.
Q 5: Do you agree with the proposed information required to assess the presence of
existing or potential conflicts of interest? Are there other items that should be
considered for this assessment?
2.7 Information related to operational safeguards and internal
processes that enable the third-party firm to assess STS
compliance
35. Article 28(1)(g) of the Securitisation Regulation requires the third party to demonstrate that
it has proper operational safeguards and internal processes that enable it to assess STS
compliance.
36. ESMA considers that in order to enable the competent authority to assess the application,
the applicant needs to provide the existing policies, procedures governing operational
safeguards and internal processes. The application should also include information on how
these policies and procedures are kept up-to-date and describe any arrangements to report
their significant breaches.
37. ESMA considers it crucial that the applicant provides summary of methodologies to be
used for its STS verification services, including methodologies differentiated by
securitisation types (ABCP or non-ABCP) and underlying asset classes.
38. ESMA also considers that the application package should include a template of the STS
6 Directive 2006/43/EC of the European Parliament and of the Council of 17 May 2006 on statutory audits of annual accounts and consolidated accounts, amending Council Directives 78/660/EEC and 83/349/EEC and repealing Council Directive 84/253/EEC
15
verification report. Such template is necessary to enable the competent authority to
evaluate the level of information provided to the originator, sponsor or SSPE with regard
to the STS verification services.
39. ESMA also considers that the competent authority should have sufficient information to
assess the applicant’s operational safeguards, the policies and procedures governing
independence of the applicant’s employees, and the integrity of the STS assessment
process. To this end, the competent authority should receive, as part of the third party firm’s
application, information on the number of employees disaggregated by position type (such
as analysts, managers, specialised positions etc.), as well as an overview of the experience
and qualification requirements in relation to each of the position types.
40. Finally, ESMA considers it important that the information on the intended or potential use
of outside experts is provided in the application in order to be able to assess the operational
safeguards with regard to the quality and integrity of the STS verification process.
Q 6: Do you agree with the proposed information required to assess the third party firm’s
operational safeguards and internal processes for assessing STS compliance? Are
there other items that should be required in the application?
16
3 Annexes
3.1 Annex I: Summary of questions
Q 1: Do you agree with the proposed general information to be required from applicants to provide third-party STS verification services? Are there any other items that should
be considered?
Q 2: Do you agree with the proposed information required from applicants on their
pricing policies? Are there any other items that should be considered to determine that
fees are non-discriminatory and cost-based, and not differentiated depending on the
results of the applicant’s STS assessment?
Q 3: Do you agree with the proposed information required to assess the independence
of a firm seeking authorisation to provide STS verification services? Are there other
items that should be considered for this assessment?
Q 4: Do you agree with the proposed information required to assess the applicant’s
management body, as well as the independent directors? Are there other items that
should be considered for this assessment?
Q 5: Do you agree with the proposed information required to assess the presence of
existing or potential conflicts of interest? Are there other items that should be
considered for this assessment?
Q 6: Do you agree with the proposed information required to assess the third party firm’s
operational safeguards and internal processes for assessing STS compliance? Are
there other items that should be required in the application?
Questions to stakeholders regarding the preliminary cost-benefits analysis:
Q 7: Do you agree with the ESMA’s preliminary analysis on the main costs and benefits
of (i) the information to be submitted to the respective competent authorities and,
specifically (ii) the information on the extent of outsourcing of the activities of the
applicant applying for providing the STS verification services.
Q 8: Please provide quantitative estimates of the magnitude of expected one-off and
ongoing costs of complying with the proposed RTS requirements (both at the time of
application and thereafter)? When specifying and quantifying the costs please refer to
the individual cost types as a percentage of applicant’s current/budgeted operational
costs.
17
18
3.2 Annex II: Legislative mandate to develop technical standards
Article 28(4) of the Securitisation Regulation:
ESMA shall develop draft regulatory technical standards specifying the information to be
provided to the competent authorities in the application for the authorisation of a third party in
accordance with paragraph 1.
ESMA shall submit those draft regulatory technical standards to the Commission by six months
after entry into force of this Regulation.
The Commission is empowered to adopt the regulatory technical standards referred to in the
first subparagraph in accordance with Articles 10 to 14 of Regulation (EU) No 1095/2010.
19
3.3 Annex III: Preliminary cost-benefit analysis
3.3.1 Introduction
41. As discussed in section 2.1, the Securitisation Regulation tasks ESMA with developing
RTS on the information to be provided by a third party firm seeking to register with a
competent authority, in order for that firm to be able to provide services relating to verifying
a securitisation’s compliance with the STS criteria. As part of its mandate to conduct an
analysis of the costs and benefits of this proposed RTS, ESMA has prepared a preliminary
analysis in this Consultation Paper, on which it welcomes views from market participants
and other stakeholders.
42. ESMA is of the view that the proposed draft RTS are purely technical and do not imply
strategic decisions or major policy choices. Indeed, ESMA considers that its options are
limited to its specific narrow mandate for drafting these particular RTSs, and the need to
ensure compliance with the objectives set out in Securitisation Regulation. Consequently,
the assessment is limited only to the extent of information that is necessary to enable the
competent authorities to evaluate whether the applicant fulfils the requirements under the
Article 28(1) of the Securitisation Regulation. The main policy decisions taken under the
Regulation have already been assessed and published by the European Commission in its
own impact assessment work7.
43. ESMA furthermore recalls that it has a mandate to conduct a cost-benefit analysis (CBA)
on Level 2 requirements (i.e. these draft RTSs), and not Level 1 (i.e. the Securitisation
Regulation). However, ESMA understands that, as with many other CBAs of RTSs in other
areas under ESMA’s remit, it is sometimes difficult, including for CBA survey respondents,
to clearly distinguish between the costs imposed by Level 2 compared to Level 1 rules.
44. The following section reflects the key issues carrying, in ESMA’s view, different options for
implementation. ESMA also included a specific question related on the options for
information related to the outsourcing of activities of the applicant.
3.3.2 Scope of information to be submitted to the respective competent authorities
45. The draft RTS discussed in this consultation paper require a substantial amount of
information to be provided to the respective competent authorities. Generally-speaking,
from ESMA’s perspective this reflects an orientation to obtain, ex ante, information on many
aspects of the applicant’s business necessary to evaluate the application and compliance
of the applicant with the requirements of Article 28(1) of the Securitisation Regulation.
ESMA has analysed 3 different options which could achieve the objective set out in the
Securitisation Regulation with respect to authorisation of third parties.
Objective Obtaining sufficient information to assess the application to be registered as
a third-party verifying a securitisation’s compliance with the STS criteria
7 http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:52015SC0185&from=EN
20
Option 1 Specify limited information requirements in the draft RTS, providing a wide
margin of flexibility to the competent authorities to define the information
requirements by the applicants (“minimum harmonisation option”)
Option 2 Specify comprehensive information requirements in the draft RTS, which
while harmonising most of the requirements, retains a certain level flexibility
for the competent authorities to request information necessary to assess the
application (“flexible harmonisation option”)
Option 3 Specify harmonised comprehensive information requirements in the draft
RTS, including a harmonised template. Setting out such an exhaustive list of
information requirements would not permit any deviation by any competent
authority when assessing the application. (“maximum harmonisation option”)
Preferred option Option 2: Flexible harmonisation option
Despite the slightly higher up-front effort required from applicants, ESMA is
of the view that it is preferable to request a relatively comprehensive set of
information at the outset in the present RTS. ESMA prefers this proposed
approach in order to minimize the risk of time-consuming (and costly)
exchanges for supplementary information between competent authorities
and the applicant. At the same time this approach does not provide a
harmonised template.
This approach also strikes the balance between ensuring a level playing field
for new entrants/applicants and overburdening them with a fixed application
form. In ESMA’s view such approach also provides the right balance between
the clarity for already-registered third-parties seeking to understand the
requirements expected of them and the fact that the supervision of the
applicant remains at the national level.
Option 1 Specify limited information requirements in the draft RTS (“minimum
harmonisation option”)
Benefits Potentially lower up-front cost for applicants
Full flexibility of the competent authorities to request information from
applicants
Costs Higher potential costs for competent authorities and applicants due to
duplication of efforts required when requesting supplementary
information to be provided.
Risk of uneven playing field developing, as this option makes it more
challenging for competent authorities to ensure consistency in their
review of applications over time and for ESMA to ensure supervisory
convergence and a consistent application of the requirements.
Option 2 Specify requirement for a set of information in the draft RTS subject to
possible adjustments (“flexible harmonisation option”)
Benefits Lower potential costs for competent authorities and applicants due to
avoided duplication of efforts required relative to Option 1 (arising from
the expected need for fewer repeated exchanges, specifying
supplementary information to be provided)
This option decreases the flexibility for competent authorities, but still
provides them with a certain discretion to supplement the minimum list
set out in the RTS to address any specific circumstances of the applicant,
thus providing better understanding of the compliance with requirements
21
that were harmonised.
Costs Potentially higher up-front cost for applicants to prepare the minimum
information that were defined in the RTS vs. Option 1.
Option 3 Specify comprehensive harmonised information requirements in the draft
RTS to be provided in a template (“maximum harmonisation option”)
Benefits This option ensures a common understanding and in-depth knowledge
of the information requirements by all the stakeholders
This approach would ensure maximum harmonisation across the EU.
Costs Depending on the type of applicant and its activities, the list might be too
cumbersome if no flexibility is provided, resulting in unnecessary
excessive costs for the applicant (i.e. this option might not be proportional
for the nature of activities of the third-party verifying the STS criteria.
Higher up-front costs for the applicants to use the harmonised template,
potential higher up-front cost for the competent authorities to collect
information that is not used in the assessment process.
3.3.3 Assessment of the extent of outsourcing of activities
46. The draft RTS proposes to obtain information in relation to outsourcing contracts when that
applicant establish such contracts in relation to the STS verification activity. The following
options have been considered when drafting the relevant section of the proposed RTS.
Objective Obtaining necessary information as regards the applicant’s operational
safeguards and internal processes
Option 1 Do not explicitly include information on outsourcing arrangements.
Option 2 Explicitly include information on outsourcing arrangements.
Preferred option Option 2: Third-parties applying to provide STS verification services may find
it cost effective to outsource a number of functions, including performing of
detailed examination of the underlying transaction. In this context, ESMA
considers that this information is pertinent to assessing the operational
safeguards of the applicant to provide the STS verification services as well
as evaluate potential conflicts of interest.
Option 1 Do not include information on outsourcing arrangements
Benefits Lower initial amount of information must be gathered by applicants,
potentially leading to additional interest in applying.
Costs Less clarity on operational safeguards and conflicts of interest.
Possibly greater efforts required from applicants if respective competent
authority seeks to obtain further information on a specific application.
22
Option 2 Include information on outsourcing arrangements
Benefits Greater clarity on operational safeguards and the potential conflicts of
interest.
Possibly lower degree of effort required from applicants if the responsible
competent authority seeks to obtain further information on a specific
application (leading also to higher overall application assessment costs
for the competent authority).
Clearer set of requirements, thus facilitating applicants’ initial efforts for
preparing application materials.
Costs Possibly greater up-front costs for applicants to prepare the necessary
application materials.
23
3.4 Annex IV: Draft RTS on information to be provided in the
application for the authorisation of a third party verifying STS
compliance
Draft
COMMISSION DELEGATED REGULATION (EU) …/..
supplementing Regulation [xx/XX/EU] of the European Parliament and of the Council with regard to
RTS on information to be provided to the competent authorities in the application for the authorisation
a third party verifying STS compliance
of […]
(Text with EEA relevance)
THE EUROPEAN COMMISSION,
Having regard to the Treaty on the Functioning of the European Union,
Having regard to Regulation (EC) No [xx/XX/EU] of the European Parliament and of the
Council of [insert date] on securitisation8, and in particular Article 28(4) thereof,
Whereas:
1) This Regulation specifies the information that the respective competent authority should
receive within the application for authorisation of a third party intending to assess the
compliance of securitisations or ABCP programmes with the STS criteria laid down in
Articles 19 to 22 and Articles 23 to 26 of Regulation (EU) 2017/xxx (“Securitisation
Regulation”). This specification of the information to be provided in the application for
authorisation promotes a common and consistent process throughout the Union. The
respective competent authority is the authority in the jurisdiction in which the applicant is
established.
2) The information to be provided by the applicant in the application for authorisation of the
third party should be sufficient to enable the competent authority to evaluate whether and
to what extent the applicant third party meets the conditions of Article 28(1) of the
Securitisation Regulation.
3) Once authorised, the applicant will be able to provide STS verification services across the
European Union. Accordingly, the application for registration shall comprehensively identify
the applicant, the group to which it belongs as well as the scope of its existing activities.
With regards to the STS verification services to be provided, the application shall include
the envisaged scope of the services to be provided as well as the geographical scope of
these services.
8 Insert OJ reference
24
4) It facilitates the effective use of supervisory resources if the application for registration
includes a table clearly identifying the submitted document and its contribution to meeting
each specific requirement of this Regulation.
5) The content of the application should enable the competent authority to assess whether
the fees charged are non-discriminatory and are sufficient and appropriate to cover a third
party firms’ costs in providing the STS verification services. In order to enable the
competent authority to assess whether the fees meet the conditions in the Securitisation
Regulation, this Regulation requires the applicant to provide comprehensive information
on pricing policies, pricing criteria, fee structures and fee schedules.
6) Applicant for registration as a third party providing STS verification services should provide
information on the structure of its internal controls and the independence of its governing
bodies, in order to enable the competent authority to assess whether the corporate
governance structure ensures the independence of the firm and of the STS criteria
verification process. Consequently, this Regulation requires comprehensive information on
the composition of the management body, qualification and repute of each members of the
management body. While the Securitisation Regulation does not provide an explicit
definition of the management body nor of independent members thereof, ESMA notes that
the definition of the management body in the context of an investment firm, market operator
or data reporting services provider is included in point 36 of Article 4(1) of Directive
2014/65/EU of the European Parliament and of the Council9 and the definition of the
independent members of the management body in the context of the management
company and the depositary is included in Article 24(2) of the Commission Delegated
Regulation (EU) 2016/43810.
7) The presence, in the application, of detailed information on the relevant internal control
mechanisms and structures, the internal control function enables the competent authority
to assess whether these factors contribute to ensuring the operational safeguards and
efficient functioning of the firm from the perspective of providing STS verification services.
8) Securitisation instruments are complex, evolving products that require specialised
knowledge. For the competent authority to be able to assess whether the applicant can
demonstrate that it has sufficient operational safeguards and internal processes that
enable it to assess STS compliance, it is important for the applicant to provide information
on qualification of employees and quality of its methodologies, in a manner that is sensitive
to the securitisation type (i.e. specifying whether the transaction is an ABCP and/or non-
ABCP transactions) as well as, for non ABCP transaction the asset class of its underlying
exposures (as a minimum distinguishing the same asset classes as those defined to meet
the transparency requirements of the Securitisation Regulation).
9) The use of outsourcing arrangements and the reliance on the use of external experts could
raise concerns about the robustness of the operational safeguards and internal processes.
Consequently, specific information shall be provided as part of the application on the nature
and scope of such outsourcing arrangements and governance over those arrangements.
10) This Regulation is based on the draft regulatory technical standards submitted by the
9 OJ L 173, 12.6.2014, p. 384
10 OJ L 78, 24.3.2016, p. 29
25
European Securities and Markets Authority (ESMA) to the Commission.
11) ESMA has conducted open public consultations on the draft regulatory technical standards
on which this Regulation is based, analysed the potential related costs and benefits and
requested the opinion of the Securities and Markets Stakeholder Group established by
Article 37 of Regulation (EU) No 1095/2010 of the European Parliament and of the Council.
HAS ADOPTED THIS REGULATION:
Article 1
General provisions
1. This Regulation lays down the rules regarding the information to be provided to the
respective competent authority in the application for the authorisation of a third party to
assess the compliance of securitisations with the STS criteria in accordance with Article
28(1) of the Securitisation Regulation;
2. An applicant shall give a unique reference number to each document it submits. The
applicant shall submit a table set out in Annex 1 as part of the application.
3. Where an applicant considers that a requirement of this Regulation is not applicable to it,
it shall provide an explanation why the respective requirement does not apply.
4. The application shall be accompanied by a letter signed by the responsible member of the
applicant’s management body,
(a) representing that submitted information is accurate and complete to their knowledge,
as of the date of the submission of the application; and
(b) representing that the applicant is neither a regulated entity as defined in point 4 of
Article 2 of Directive 2002/87/EC11 nor a credit rating agency as defined in point (b) of
Article 3(1) of Regulation (EC) No 1060/200912.
Article 2
Identification of the applicant
11 Directive 2002/87/EC of the European Parliament and of the Council of 16 December 2002 on the supplementary supervision of credit institutions, insurance undertakings and investment firms in a financial conglomerate and amending Council Directives 73/239/EEC, 79/267/EEC, 92/49/EEC, 92/96/EEC, 93/6/EEC and 93/22/EEC, and Directives 98/78/EC and 2000/12/EC of the European Parliament and of the Council (OJ L 35, 11.2.2003, p. 1).
12 Regulation (EC) No 1060/2009 of the European Parliament and of the Council of 16 September 2009 on credit rating agencies (OJ L 302, 17.11.2009, p. 1).
26
1. The application for authorisation as a third party providing STS verification services shall
identify comprehensively the applicant. For this purpose it shall contain the following
information, to the extent relevant:
(a) the corporate name of the applicant and its legal form;
(b) the applicant’s Legal Entity Identifier (LEI) or, if not available, a nationally accepted
identifier;
(c) the legal address as well as the address of all its offices within the Union;
(d) Uniform Resource Locator (URL) of the applicant’s website;
(e) an excerpt from the relevant commercial or court register, or other forms of certified
evidence of the place of incorporation and scope of business activity of the applicant,
valid at the application date;
(f) the articles of incorporation or where relevant, other statutory documentation stating
that the applicant is to conduct STS verification services;
(g) a complete set of the most recent annual financial statements of the applicant, including
individual and consolidated financial statements, where applicable; and where the
financial statements of the applicant are subject to statutory audit within the meaning
given in Article 2(1) of the Directive 2006/43/EC13, the audit report on these financial
statements;
(h) the name, title, address, e-mail address and the telephone number(s) of the contact
person for the purposes of the application
(i) the name, title, address, e-mail address and the telephone number(s) and contact
details of the person(s) responsible for compliance, or any other staff involved in
compliance assessments for the applicant;
(j) the list of Member States in which the applicant intends to provide STS verification
services;
(k) the list of securitisation types and underlying asset classes for which the applicant
intends to offer STS verification services;
(l) a description of any services, other than the third party STS verification services, that
the applicant provides or intends to provide, whether or not these are subject to
13 Directive 2006/43/EC of the European Parliament and of the Council of 17 May 2006 on statutory audits of annual accounts and consolidated accounts, amending Council Directives 78/660/EEC and 83/349/EEC and repealing Council Directive 84/253/EEC (OJ L 157, 9.6.2006, p.87).
27
authorisation or regulation;
(m) whether the applicant has ever been the subject of any administrative penalty, civil or
administrative judgment, arbitration or other adjudicative dispute resolution award or
decision or of any judgment on the commission of a criminal offence, in each case
resulting in a finding against the applicant, which was not set aside and against which
no appeal is pending or may be filed; and
(n) information on any pending criminal, civil, administrative, arbitration or any other
litigation proceedings irrespective of their type that the applicant may be party to.
2. Where the applicant has a parent undertaking, it shall:
(a) identify the business address of the parent undertaking and, if different, of the ultimate
parent undertaking; and
(b) indicate whether the parent undertaking, and/or ultimate parent undertaking, are
authorised or registered or subject to supervision, and when this is the case, state any
associated reference number and the name of the responsible supervisory authority.
3. Where the applicant has subsidiaries or branches, it shall identify the name and business
address and shall describe the areas of business activities of each subsidiary or branch.
4. The application shall include a chart showing the ownership links between the applicant,
its parent undertaking and ultimate parent undertaking, subsidiaries, affiliates and any
other associated or connected entities. The undertakings shown in the chart shall be
identified by their full name, LEI (or, if not available, a nationally accepted identifier), legal
form and business address.
Article 3
Ownership structure
1. Documentation attached to the application shall contain:
(a) a list containing the name and business address of each person or entity who holds
10% or more of the applicant’s capital or of its voting rights or whose holding makes it
possible to exercise a significant influence over the applicant’s management; together
with
i. the percentage of the capital and voting rights held, together with, where applicable,
the description of the arrangements allowing the person or entity to exercise a
significant influence over the applicant’s management; and
28
ii. the nature of the business activities of the entities referred to in point (a);
(b) a list containing the name and business address of any undertakings in which a person
referred to in point (a) holds 10% or more of the capital or voting rights or over whose
management they exercise a significant influence, together with the description of their
business activities.
Article 4
Composition of the management body and the organisational structure
1. The application shall contain information regarding the applicant’s internal governance
policies and the terms of procedure which govern its management bodies, independent
directors and, where established, committees or substructures of its management bodies.
2. The application shall describe the composition of the management body, identifying its
members, and, if applicable, the composition of committees or other substructures set-up
within the management body. Independent members of the management body shall be
identified separately. For each member of the management body, including independent
members, the application shall describe the position held within the management body, the
time commitment for the position and the responsibility allocated to that position.
3. The application shall contain an organisational chart detailing the organisational structure
of the applicant that clearly identifies both significant roles and the member or members of
the management body responsible for each significant role. In case the applicant provides
or intends to provide other services than the STS verification services, the organisational
chart shall also detail the applicant’s organisational structure and identity and responsibility
of the members of the management body in respect of those services.
4. The application shall contain the following information in respect of each member of the
management body:
(a) a copy of their curriculum vitae, including
i. overview of the members post-secondary education;
ii. the member’s complete employment history with dates, identification of positions
held and a description of the functions occupied; and
iii. any professional qualification held by the member, together with the date of
acquisition and, if applicable, status of membership in the relevant professional
body;
29
(b) details regarding any criminal convictions, in particular in the form of an official criminal
record certificate if available within the member’s country of origin and any other
countries of residence, if different to the country of origin;
(c) a declaration signed by the respective member, that states whether he/she:
i. has been convicted of any criminal offence and, if so provides details of such
offence and the sanction received, if any;
ii. has been subject to an adverse decision in any proceedings of a disciplinary nature
brought by a regulatory authority, government body, or agency;
iii. has been subject to an adverse judicial finding in civil proceedings before a court,
including for impropriety or fraud in the management of a business;
iv. has been part of the management body (board or senior management) of an
undertaking whose registration or authorisation was withdrawn by a regulatory
authority, government body, or agency;
v. has been refused the right to carry on activities which require registration or
authorisation by a regulatory authority, government body, or agency;
vi. has been part of the management body of an undertaking which has gone into
insolvency or liquidation while this person was connected to the undertaking or
within a year of the person ceasing to be connected to the undertaking;
vii. has been part of the management body of an undertaking which was subject to an
adverse decision or penalty by a regulatory authority, government body, or agency;
viii. has been disqualified from acting as a director, disqualified from acting in any
managerial capacity, dismissed from employment or other appointment in an
undertaking as a consequence of misconduct or malpractice;
ix. has been otherwise fined, suspended, disqualified, or been subject to any other
sanction, including in relation to fraud or embezzlement by a regulatory authority,
government body, agency, or professional body; and
x. is subject to any investigation, or pending judicial, administrative, disciplinary or
other proceedings, including relation to fraud or embezzlement by a regulatory
authority, government body, agency, or professional body.
(d) a declaration of any potential conflicts of interest that the member of the management
body may have in performing their duties and how these conflicts are managed. This
declaration should include an inventory of any positions held in other undertakings,
including as independent directors; and
30
(e) unless included in point (a) , a description of the members’ knowledge and professional
experience in the tasks relevant for providing STS verification services.
5. The application shall contain the following additional information in respect of each
independent member of the management body:
(a) declaration of the member’s independence;
(b) information on any past or present business, employment or other relationships that
might create a potential conflicts of interest; and
(c) information on any business, family or other relationship, with the third-party applicant,
its controlling shareholder or the management of either, that creates a conflict of
interest or might create a potential conflict of interest that can impair the member’s
judgement.
Article 5
Internal control
1. The application shall contain detailed information relating to the internal control system of
the applicant with regards to the prevention of the conflicts of interest and operational
safeguards and internal processes that enable the applicant to assess STS compliance.
Such information shall include a description of its compliance function, its risk assessment
arrangements and its internal control mechanisms.
2. The application shall include a detailed summary of, any policies, procedures and manuals
regarding
(a) the controls and safeguard of the independence of the applicant’s verification of the
STS compliance; and
(b) internal controls governing the implementation of policies and procedures to identify
and prevent potential conflicts of interest.
Article 6
Corporate governance
1. Where the applicant adheres to a recognised corporate governance code of conduct, in
particular in regard to the nomination and role of the independent members of the
management body and the management of the conflicts of interest, the application shall
identify the code and provide an explanation for any situations where the applicant deviates
31
from the code.
Article 7
Independence and avoidance of conflicts of interest
1. The application shall contain information regarding the policies and procedures with
respect to the identification, management, elimination, mitigation and disclosure without
delay of the existing or potential conflicts of interest and threats to independence arising
from the employment or positions held by the members of the management body, whether
in the past or currently.
2. The application shall also include a description of the process used to ensure that the
relevant persons are aware of the policies and procedures referred to in paragraph 1 and
description of the process of monitoring, review and update of these policies and
procedures.
3. The application shall contain a description of any other measures and controls put in place
to ensure the proper and timely identification, management and disclosure of the conflicts
of interest.
4. The application shall contain an up-to-date inventory of actual and potential conflicts of
interest relevant to it. Such inventory shall, as a minimum, describe the following actual or
potential conflicts of interest:
(a) any actual or potential conflicts of interest involving third parties, shareholders, owners
or members of the applicant, members of the management body, managers,
employees of the applicant or any other natural person whose services are placed at
the disposal or under the control of the applicant;
(b) any actual or potential conflicts of interest arising from existing or envisaged business
relationships of the applicant, including any existing or envisaged outsourcing
arrangements or from the applicant’s other activities; and
(c) any actual or potential conflicts of interest arising from the relationship of the applicant
or members of its management body with the originators, sponsor or SSPE involved in
the securitisations which the applicant assesses or intends to assess or to groups to
which such undertakings belong.
5. Where the applicant belongs to a group of undertakings as defined in point 11 of Article 2
32
of the Directive 2013/34/EU14, network as defined in point 7 of Article 2 of the Directive
2006/43/EC 15 or similar wider structure, the application shall include in the inventory
referred to in paragraph 3 any actual or potential conflicts of interest arising from other
entities which belong to such group of undertakings, network or other structure.
6. The application shall provide policies and procedures that aim to ensure that the applicant
will under no circumstances provide any form of advisory, audit or equivalent services to
the originator, sponsor, or the SSPE involved in the securitisation which the applicant
assesses.
Article 8
Fee structure
1. The application shall contain information on the pricing policies for providing the STS
verification services. The applicant shall ensure that the application includes the following:
(a) pricing criteria and a fee structure or a fee schedule for the STS verification services;
for each securitisation type and underlying asset class for which such services are
offered; including any internal guidelines or procedures governing how the pricing
criteria are used in order to determine or set individual fees;
(b) a detailed description of the pricing criteria along with the details of the methods used
to account for the separate cost that the applicant may incur when providing STS
verification services, including, in case parts of the STS verification process are
planned to be outsourced, description of the mechanism how outsourcing is taken into
account in the pricing criteria;
(c) a detailed description of the procedures in place for changing fees or for otherwise
departing from the fee schedule, including the case of a frequent use programme;
(d) a detailed description of the procedures and internal controls in place to ensure and
monitor compliance with the pricing policies, including those related to monitoring of
the development of individual fees over time and across different customers;
(e) a detailed description of the process for reviewing and updating both the costing system
14 Directive 2013/34/EU of the European Parliament and of the Council of 26 June 2013 on the annual financial statements, consolidated financial statements and related reports of certain types of undertakings, amending Directive 2006/43/EC of the European Parliament and of the Council and repealing Council Directives 78/660/EEC and 83/349/EEC (OJ L 182, 29.6.2013, p. 27)
15 Directive 2006/43/EC of the European Parliament and of the Council of 17 May 2006 on statutory audits of annual accounts and consolidated accounts, amending Council Directives 78/660/EEC and 83/349/EEC and repealing Council Directive 84/253/EEC (OJ L 157, 9.6.2006, p.87)
33
and pricing policies; and
(f) a detailed description of the procedures and internal controls on maintaining
information relating to fee schedules, individual fees applied, and changes to the
applicant’s pricing policies.
2. The application shall provide information related to
(a) whether the fees are set in advance of the assessment;
(b) whether prepaid fees are non-refundable; and
(c) the existence of operational safeguards aiming to ensure that the contractual
agreements with the originator, sponsor or SSPE to provide STS verification services
do not include contractual termination clause or lead to breach of contract on
performance or in case of non-confirmation of STS.
3. The application shall include information related to the
(a) revenue from other services provided by the applicant, disaggregated to revenue from
non securitisation-related services and fee revenue from securitisation-related
services, over each of the three annual reporting periods preceding the date of the
submission of its application;
(b) concentration of revenue from a single undertaking or a group of economically
connected undertakings, representing more than 5% of total revenue, over each of the
three annual reporting periods preceding the date of the submission of its application;
and
(c) projected proportion of fee revenue from providing STS verification services compared
with total projected revenue for the forthcoming three years’ reference period.
Article 9
Operational safeguards and internal processes to assess STS compliance
1. The application shall contain all information that demonstrates that the applicant has proper
operational safeguards and internal processes that enable it to assess the STS
compliance. In particular the application shall include the following information:
(a) number of employees of the applicant, calculated on a full-time equivalent basis,
disaggregated to types of positions within the applicant company;
(b) policies and procedures with regards to:
i. the independence of individual staff members, including the management of actual
and potential conflicts of interest in this regard;
34
ii. the ending of employment contracts including any measures to ensure the
independence and integrity of the STS verification process associated with the end
of the employment (such as e.g. negotiating future employment contracts for staff
directly involved in the STS verification activities);
iii. experience and qualification requirements in relation to each position type directly
employed by the applicant, to be involved in STS verification activities;
iv. training and development relevant to the provision of STS verification services; and
v. the compensation and performance evaluation for staff directly involved in the STS
verification activities;
(c) a description of measures in place to mitigate the risk of over-reliance on individual
employees;
(d) where the applicant plans to rely in its STS verification engagements on the work of an
external expert:
i. policies and procedures with regards to the outsourcing of activities and
engagement of external experts,
ii. a description of any outsourcing arrangements entered into or envisaged by the
applicant, accompanied, on a request of the competent authority, by a copy of the
contracts governing outsourcing arrangements;
iii. definitions of the services to be provided, including the measurable scope of those
services, the granularity of the activities, and the conditions under which those
activities are rendered; and
iv. where important operational functions are outsourced, an explanation of how the
applicant intends to identify, manage and monitor the risks posed by such
outsourcing and a description of the safeguards put in place by the applicant to
ensure independence of the STS verification process;
(e) a description of the measures to be used in the event of a breach of policies and
procedures referred to in paragraphs 1(b) - (d) and measures for reporting to the
competent authority any material breach of these policies or procedures or any other
fact, event or circumstance which is reasonably likely to result in a breach of the
conditions for the initial authorisation; and
(f) a description of the process used to ensure that the relevant persons are aware of the
policies and procedures referred to in paragraphs 1(b) - (d) and description of the
process of monitoring, review and update of these policies and procedures.
35
2. The application shall contain, for each securitisation type and underlying asset class for
which the applicant intends to provide STS verification services,
(a) a description of the assessment methodology to be used for STS verification, including
procedure and methodology for quality assurance of such verification; and
(b) a template of the verification reports to be provided to the originator, sponsor or the
SSPE.
Article 10
Entry into force
This Regulation shall enter into force on the 20th day following its publication in the Official
Journal of the European Union.
It shall apply from 1st of January 2019.
This Regulation shall be binding in its entirety and directly applicable in all Member States.
Done at Brussels, […].
For the Commission
The President
Annex 1:
DOCUMENT REFERENCES
(Article 1(2))
Article of this Regulation Unique reference number of document
Title of the document
Chapter or section or page of the document where the information is provided or reason why the information is not provided